我有一段 Python 代码,可以列出一部分被代入(assumed)的角色。我正在尝试修改它,以获取所有角色及其附加的策略。
#! /usr/bin/python
import boto
import urllib
import hashlib
import argparse
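# Command-line interface: an access key pair, an optional session token for
# temporary credentials, and an optional role to assume before auditing.
# NOTE(review): the secret key and session token are read from argv, so they
# can end up in shell history and in process listings on a shared host.
parser = argparse.ArgumentParser(description='outputs security configuration of an AWS account')
parser.add_argument('-a', '--access_key_id', required=True, help='access key id')
parser.add_argument('-k', '--secret_access_key', required=True, help='secret access key')
parser.add_argument('-t', '--security_token', help='security token (for use with temporary security credentials)')
parser.add_argument('-r', '--role', help='role to assume')
parser.add_argument('-v', '--verbose', action="store_true", help='enable verbose mode')
parser.add_argument('-d', '--debug', action="store_true", help='enable debug mode')
args = parser.parse_args()

access_key_id = args.access_key_id
secret_access_key = args.secret_access_key
security_token = args.security_token

# Hand the session token to STS as well. Without it, an assume-role request
# signed with temporary credentials is rejected; the IAM connection created
# later in this script already receives the token the same way.
sts = boto.connect_sts(access_key_id, secret_access_key, security_token=security_token)
if args.role:
    # Replace the caller's credentials with the ones issued for the assumed
    # role; "SecAudit" is the role session name sent with the request.
    assumed_role = sts.assume_role(args.role, "SecAudit")
    access_key_id = assumed_role.credentials.access_key
    secret_access_key = assumed_role.credentials.secret_key
    security_token = assumed_role.credentials.session_token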
def debug(str):
    """Print *str* only when the --debug flag was given.

    The parameter name shadows the builtin ``str``; it is kept unchanged so
    existing callers are unaffected.
    """
    if not args.debug:
        return
    print(str)
def verbose(str):
    """Print *str* when either --verbose or --debug was given.

    The parameter name shadows the builtin ``str``; it is kept unchanged so
    existing callers are unaffected.
    """
    if not (args.verbose or args.debug):
        return
    print(str)
def sha256(m):
    """Return the hexadecimal SHA-256 digest of the byte string *m*."""
    digest = hashlib.sha256()
    digest.update(m)
    return digest.hexdigest()
def config_line(header, name, detail, data):
    """Build one output record: the four fields joined by ", "."""
    fields = [header, name, detail, data]
    return ", ".join(fields)
def config_line_policy(header, name, detail, data):
    """Return a record for a policy document, carrying its SHA-256 digest.

    The full document *data* is echoed through verbose() between two banner
    lines; the returned record holds only the hash of the document, so two
    runs can be compared line by line.
    """
    banner = "===== " + header + ": " + name + ": " + detail + "====="
    footer = "========================================================="
    for text in (banner, data, footer):
        verbose(text)
    fingerprint = sha256(data)
    return config_line(header, name, detail, fingerprint)
def output_lines(lines):
    """Sort *lines* in place, then print them one per line.

    Sorting keeps the output order stable between runs regardless of the
    order in which the records were collected.
    """
    lines.sort()
    for entry in lines:
        print(entry)
# Connect to IAM with whichever credentials are in effect at this point
# (the caller's own, or those obtained by assuming a role).
iam = boto.connect_iam(access_key_id, secret_access_key, security_token=security_token)

verbose("Getting account summary:")
summary = iam.get_account_summary()
debug(summary)
mfa_enabled = str(summary["AccountMFAEnabled"])
output_lines([config_line("iam:accountsummary", "AccountMFAEnabled", "", mfa_enabled)])

# IAM Roles
verbose("Getting IAM role info:")
role_policy = []
# NOTE(review): only one list_roles() response is read here. If the service
# truncates the listing, the remaining roles are presumably never audited --
# confirm how this boto version reports truncation before relying on the
# output for a large account.
roles = iam.list_roles().list_roles_response.list_roles_result.roles
for role in roles:
    verbose("Role: " + role.role_name)

    # Policy controlling use of the role (always present). The document is
    # passed through urllib.unquote before it is hashed.
    trust_document = urllib.unquote(role.assume_role_policy_document)
    role_policy.append(
        config_line_policy("iam:assumerolepolicy", role.role_name, role.arn, trust_document)
    )

    # Policies around what the assumed role can do.
    # NOTE(review): list_role_policies reports inline policy names; managed
    # policies attached to the role are not queried anywhere in this loop, so
    # they are missing from the audit output.
    listing = iam.list_role_policies(role.role_name)
    policies = listing.list_role_policies_response.list_role_policies_result.policy_names
    for policy_name in policies:
        fetched = iam.get_role_policy(role.role_name, policy_name)
        document = urllib.unquote(
            fetched.get_role_policy_response.get_role_policy_result.policy_document
        )
        role_policy.append(
            config_line_policy("iam:rolepolicy", role.role_name, policy_name, document)
        )
    # Per-role dump of the policy names when debugging.
    debug(policies)

output_lines(role_policy)
但这只能获取被代入(assumed)的角色。我想获取所有角色及其附加的策略。
我该怎么做?